Every Company Is Now a Tech Company

When one browses the list of the Fortune 1000 companies, more and more innovative tech companies are joining the ranks, including big names like Amazon.com, Apple and Google. These companies are associated with the Internet, connectivity and “big data.” As a result, many consumers have high expectations for how these companies manage their personal data, and the companies themselves generally have large internal privacy departments. This is a good thing.

When I read the names on the list, though, I can’t help but think that every company is now a tech company and that they should be held to the same standards of privacy and security. Whether it’s Walmart with millions of credit card numbers on file from in-store and online sales or General Electric with information about how individual homes use their appliances, almost every company is now in the data business and has a significant online component to its operations.

I’m heartened to see as part of the IAPP’s new Benchmarking Privacy Management and Investments of the Fortune 1000report that spending is going up among companies on their privacy operations and equally pleased to see that privacy professionals are being well-compensated for their work. Having served as the chief privacy officer at a couple of the Fortune 1000 companies and having started the Privacy Office at the Department of Homeland Security, I know the challenges of integrating data privacy into the corporate value set, especially when leadership is understandably focused on the bottom line. I also know how difficult it can be to get business leaders throughout the organization to consider privacy when assessing risk.

In the wake of the Snowden revelations, though, and numerous high-profile data breaches, privacy and security are becoming increasingly valued by consumers. They are starting to become areas of differentiation for companies as well. Those that respect privacy and have strong security practices in place are the ones that consumers are increasingly turning to for a variety of services. We’ve witnessed new businesses jump into the fray with disruptive technologies that promise greater privacy and anonymity but sometimes overstating or misrepresenting that capability. Still, these start-ups, along with customer demand, are pushing big companies across industries to take note and adapt.

$2.4 million on average may sound significant, but for most of the companies on the list, that is a very, very small percentage of operating costs.

In my current role with the Center for Democracy & Technology, we are strongly advocating for greater user empowerment when it comes to privacy, along with an increased focus from companies on what they collect, whether data needs to be personally identifiable, how data is protected and how it is shared with third parties. With no major legislation action expected on the privacy front in the U.S. in the near future, companies are truly the ones that can make a difference in protecting our privacy. And yes, this is all companies, not just traditional tech companies.

Over the past few years, I’ve seen progress on corporate practices that really reflect thought about the obligation to be responsible for information that is collected and used. There is still more that could be done, and I am certain that the Fortune 1000 companies could commit greater funding to their privacy operations. $2.4 million on average may sound significant, but for most of the companies on the list, that is a very, very small percentage of operating costs. Hopefully, as the value proposition of privacy and security becomes clearer, budgets will rise.

Beyond increased budgets, privacy professionals need to be engaged with teams across the organization, not just IT, legal and compliance departments. They should participate in early stage product design processes, meet with the engineers and customer services representatives and take part in marketing and sales efforts. This is even more important as privacy professionals increasingly become data guardians. They combine ethics, strategy and a vision of the company’s relationship with the customer well into the future.

It’s a big role and getting bigger.

The privacy professionals of the IAPP are working to show that privacy and security matter. It is fantastic to see the field be recognized more and more each day, and my hope is that it will become an ingrained part of the leadership in companies across all industry sectors.

Comments

Related Stories

Over the summer of 2014, the IAPP embarked on the first of what will be an annual effort to research and benchmark the privacy programs of the Fortune 1000. In partnership with third-party research firm Fondulas Strategic Research, we queried roughly 275 privacy leads at Fortune 1000 companies, all ...

A business can’t run without money. Businesses of all sizes rely on effective forecasting and expense management by all budget-holders in the organization in order to plan and deliver financial results. Chief financial officers and their finance departments oversee these processes, manage their comp...

"Companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU." - European Commission
At the time of the adoption of the EU General Data Protection Regulation, the European Commission touted as the benefit for ...

Dataguise announced Sagi Leizerov, CIPP/US, has become its new senior vice president of enterprise privacy solutions. Leizerov previously served as chief data solution officer at Prifender and as global privacy leader at Ernst & Young. Leizerov is also a member of the IAPP’s board of directors. ...

A company based in Dublin alleges several tech companies have breached a patent it owns for data transfer and storage technology, The Irish Times reports. Data Scape has launched 15 lawsuits in the U.S. against companies such as Amazon, Dropbox, SAP, Pandora and Spotify. The tech and patent company ...

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.